Who is this presentation for?

Prerequisite knowledge

Basic software development process terms, such as waterfall, Agile, and DevOps

What you'll learn

Understand where to start, how to scale, and how to maintain good application security in a fast-paced DevOps environment

Description

Does your security team think finding a bunch of defects and giving a report to devs is a job well done? Do your in-house developers have the expertise to successfully identify software security defects on their own and know how to resolve security defects once identified? Do you have plenty of secure coding experts so that every development team has access to advice or mentoring on how to improve the security of their code? Do development teams test early and often in the SDLC instead of waiting until just before production to ask for a scan of their application? Is your current AppSec process transparent to developers? Do you think testing your software for security defects once or twice a year is enough, even though changes to your software happen perhaps as often as several times a day?

Application security is tough. But while the rest of the world tries to solve the problems of insecure software with firewalls and intrusion detection, Jeremy Anderson explains how to solve the problem where it starts: at the code that defines it. Join Jeremy to learn how to fix code security defects when they’re created instead of during production when it’s already too late.

Topics include:

How to transition from “test it the week before production” to “test it every day during development”

How to get teams to adopt the testing platform and scan their code on a regular basis

How to get security programs funded and implement the technology quickly

How to scale the program in a short time without adding tons of staff

Jeremy Anderson

Cambia Health Solutions

Jeremy Anderson has 16 years’ experience developing software solutions for numerous Fortune 500 companies. Jeremy is currently a secure software architect and CSSLP at Cambia Health Solutions, where he is charged with bootstrapping and scaling an application security program from the ground up for dozens of applications produced by hundreds of developers. He’s been successful at making it happen—in a timeline measured in months instead of years.